IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Applicant(s) : Paul MERTES et al.

Serial No. : To Be Assigned

Filed : Herewith

For : A METHOD FOR GENERATING ASYMMETRICAL CRYPTOKEYS AT THE USER'S LOCATION

Group Art Unit : To Be Assigned

Assistant Commissioner for Patents 
Washington, D.C. 20231

PRELIMINARY AMENDMENT 

SIR: 

Please amend the above-identified application before examination as follows:

In The Specification : 

On page 1, line 1, change "Background Information" to
--Background Information--.

On page 1, line 3, before "invention" insert --present--.

On page 1, line 3, change "of the type described in more detail in" to 

On page 1, delete line 4 and in its place insert --Asymmetrical cryptological
methods are described generally in--.

On page 1, line 5, after "1997" insert --The present invention relates in
particular to all forms of asymmetrical cryptological methods. Such methods are used, for
example, in ATM cards/bank transactions, access controls to networks/databases, entry
controls to buildings/rooms, digital signatures, digital IDs/patient cards, etc.--.

On page 1, line 20, after "Internet." insert --In generating asymmetrical
cryptokeys in the handwriting of the user, signature and encryption keys are necessary, and
in personalizing and certifying, reliable connections to a Trust Center are necessary. If users
wish to generate their own keys, particularly cryptokeys, security problems arise.--.

On page 1, line 21, insert --Summary Of The Invention--.
On page 1, delete line 26.
On page 2, delete line 1.

On page 2, delete line 3 and in its place insert --Detailed Description--.
On page 4, line 1, change "Patent Claims" to
--What Is Claimed Is:--.

In The Claims : 

Please cancel claims 1-3 and add new claims 4-6 as follows: 

--4. (New) A method for generating, personalizing, and certifying an asymmetrical
cryptokey in accordance with one of an operation performed at a central, secure location 
corresponding to a trust center and an operation performed at a user location in 
cooperation with the trust center using a secure transmission between a user and the trust 
center, the method comprising the steps of: 

causing the trust center to provide the user with a previously generated, 
personalized, and certified signature key pair, and with components for producing at least 
one encryption key pair; 

producing the at least one encryption key pair including a public part and a secret
part;

marking the public part of the at least one encryption key pair using an assigned 
secret part of the previously generated signature key pair; 

after marking the public part of the at least one encryption key pair, transmitting the 
at least one encryption key pair to the trust center; 

unequivocally assigning the at least one encryption key pair to the user; 

causing the trust center to check the unequivocal assignment of the at least one 
encryption key pair by using a public part of the previously generated signature key pair; 

after the check of the unequivocal assignment is performed successfully, causing the 
trust center to produce a new certificate by using at least one of the public part of the 
previously generated signature key pair and the public part of the at least one encryption 
key pair; 
encrypting the new certificate using the public part of the at least one encryption key
pair; and 

causing the trust center to transmit the encrypted new certificate to the user. 

5. (New) The method according to claim 4, wherein: 

the step of causing the trust center to provide the user with 
components for producing at least one encryption key pair includes the step of 
providing the user with components for producing at least one additional signature 
key pair, 

the step of producing the at least one encryption key pair includes the step 
of producing the at least one additional signature key pair, and 

the user marks a public part of the at least one additional signature key pair 
using the secret part of the previously generated signature key pair. 

6. (New) The method according to claim 5, further comprising the steps of: 
in each bilateral communication occurring between a user desiring no
communication with the trust center and another user, marking and making available to the
other user one of the public part of the at least one encryption key pair and the public part 
of the at least one additional signature key pair by using the secret part of the previously 
generated signature key pair; and 

checking a correctness of an assignment regarding one of the public part of the at 
least one encryption key pair and the public part of the at least one additional signature key 
pair by performing the steps of: 

verifying a signature, and 

checking a genuineness and a validity of the new certificate in the trust 
center.--. 
In The Abstract :

Delete the present Abstract and in its place insert the following:

--Abstract Of The Disclosure
A method in which a user first receives from a Trust Center a generated, personalized, and 
certified key pair as well as components for producing encryption pairs. The user at any 
time himself produces an encryption key pair, marks the public part of this pair using the 
secret signature key relinquished to him, and transmits the result to the Trust Center, where 
the result is assigned to the user using the certified public part of the signature key pair--.

Remarks 

This Preliminary Amendment cancels claims 1-3 in the underlying PCT 
Application No. PCT/EP98/07984, and adds new claims 4-6. The new claims do not add 
new matter to the application but do conform the claims to U.S. Patent and Trademark 
Office rules. 

The amendments to the specification and abstract are to conform the 
specification and abstract to U.S. Patent and Trademark Office rules. The amendments to 
the specification and abstract do not introduce new matter into the application. 

The underlying PCT application includes a Search Report dated May 6, 
1999, a copy of which is submitted herewith. 
Applicants assert that the present invention is new, non-obvious, and useful.
Consideration and allowance of the claims are requested. 



Respectfully submitted, 
KENYON & KENYON 



Dated: [illegible]    By: [signature illegible]



Richard L. Mayer 
Reg. No. 22,490 
New York, NY 10004

(212) 425-7200 
A METHOD FOR GENERATING ASYMMETRICAL CRYPTOKEYS AT THE USER'S LOCATION

Background Information 

The invention relates to an asymmetrical cryptological method of the type described in more detail in
the preamble of patent Claim 1. Methods of this type are widely known and are described, e.g., in
Menezes: Handbook of Applied Cryptography, 1997.

A crucial problem of all known open cryptological methods is the reliable assignment to the
authorized user of the utilized signature and encryption keys and the confirmation of the assignment
by an independent third entity. In technical terms, this is a question of the reliable personalization of
the keys along with subsequent certification.

Trustworthy methods, such as are described by Kowalski, in The Telecommunications Engineer 4/5
1995; "Security Management System," solve this problem currently by generating, personalizing,
and certifying keys of this type at a central, particularly secure location (usually so-called Trust
Centers).

However, it cannot be excluded that in the future the users themselves will increasingly wish to 
generate their cryptokeys, in particular those for encryption. This desire should not be realized at the 
expense of the security and reliability of the method in question, as is the case today in the only 
loosely organized asymmetrical cryptological methods of the Internet.

Thus as the objective of the invention, a method is required which shifts the generation of keys into 
the area of responsibility of the user without forfeiting the organizational security of an independent 
entity. 

This objective is achieved in the method indicated in the characterizing part of Patent Claim 1.
Advantageous possibilities for refinements are apparent in the characterizing part of Subclaim 2.

The invention is explained on the basis of the following exemplary embodiment: 

The user receives from the central location, hereinafter termed Trust Center, a signature key pair
that is already generated, personalized, and certified, e.g., a private signature key PS and a public
signature key OS as well as the components for producing one or more encryption key pairs,
Generate Encryption Keys, GEK.

The user then himself produces at any time an encryption key pair, e.g., a private encryption key
PVS, marks the public part of this pair, public encryption key OVS, using the previously
relinquished secret signature key PS, and transmits the result to the Trust Center. There, using a
check with the aid of the certified public part of the signature key pair OS of the user, the result is to
be assigned as belonging, unequivocally and reliably, to the user.

The Trust Center thereupon generates a new certificate, in which are contained either both the
public part of signature key pair OS as well as that of encryption key pair OVS, or only that of the
encryption key pair OVS of the user.

This certificate, in the next step, is then encrypted using the public part of the encryption key pair
OVS of the user and is then transmitted.

Thus it is assured that only the authorized user is able to decode the certificate and, in hardware-based
systems, can download it into his corresponding hardware. At no time does the user have to
reveal his secret, namely the secret part of encryption key pair PVS.

If the user also wishes to generate the signature key pair in his area of responsibility, in other words
if he also wants to protect the secret part of a signature key pair, a second private signature key
PS2, from being accessed by the Trust Center, then this method is also used analogously for this
purpose. Only the components Generate Digital Signature Keys, GDSK, for producing one or
more signature key pairs, are also relinquished to the user.

Once generated, with the aid of the secret signature key PS relinquished by the Trust Center, the
user also marks the public part of self-generated signature key pair OS2, in addition to or
simultaneous with the public part of self-generated encryption pair OVS, and the result is
transmitted to the Trust Center, where subsequently the process is continued just as described
above.

If user AW1 does not wish to have any further communication with a Trust Center, he can do this
as well using the described method without any loss of reliability, by first marking and making
available to the communication partner the public part of his self-generated key pair OVS using the
secret part of the previously relinquished, personalized, and certified key pair PS in every bilateral
communication with another user AW2.

Receiving communication partner AW2 can reliably check the correct assignment of this information
with regard to public part OVS of the key pair self-generated by sending user AW1 by verifying the
signature and, if necessary, checking the genuineness and validity of the certificate in the Trust
Center underlying this signature.
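
The exemplary embodiment above (steps a to e of Claim 1) and the bilateral check by AW2, as an added example that is not part of the application and not the applicants' code. It uses unpadded textbook RSA from the Python standard library only to make the message flow runnable; the names mark, check_mark, user_request, TrustCenter and peer_accepts, the hybrid encryption of the certificate, and the choice to hash the user's identifier together with the key are assumptions of this example.

```python
import hashlib, json, math, secrets
E = 65537  # public exponent used by every toy key here (assumption)

def _is_prime(n, rounds=20):  # Miller-Rabin; callers pass only large odd n
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if math.gcd(p - 1, E) == 1 and _is_prime(p):
            return p

def gen_keypair(bits=1024):  # textbook RSA, illustration only: (public n, secret d)
    p, q = _prime(bits // 2), _prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(user, key, n):  # hash of the statement "this public key belongs to user"
    return int.from_bytes(hashlib.sha256(f"{user}|{key:x}".encode()).digest(), "big") % n

def mark(user, key, signer_n, signer_d):  # "marking" = signing with a secret part
    return pow(_h(user, key, signer_n), signer_d, signer_n)

def check_mark(user, key, sig, signer_n):
    return pow(sig, E, signer_n) == _h(user, key, signer_n)

def _xor_pad(k, data):
    pad = hashlib.shake_256(k.to_bytes(256, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt_to(data, n):
    k = secrets.randbelow(n - 2) + 2  # one-time secret, wrapped under public key n
    return pow(k, E, n), _xor_pad(k, data)
def decrypt(blob, n, d):
    return _xor_pad(pow(blob[0], d, n), blob[1])

class TrustCenter:
    def __init__(self):
        self.n, self._d = gen_keypair()  # the Trust Center's own certifying key
        self.certified_os = {}           # user -> certified OS

    def enroll(self, user):  # step a: generate, personalize, certify (PS, OS)
        os_, ps = gen_keypair()
        self.certified_os[user] = os_
        return os_, ps, mark(user, os_, self.n, self._d)

    def certify(self, user, ovs, sig):  # steps c-e: check, certify, encrypt to OVS
        os_ = self.certified_os.get(user)
        if os_ is None or not check_mark(user, ovs, sig, os_):
            return None
        cert = {"user": user, "OVS": ovs, "tc_sig": mark(user, ovs, self.n, self._d)}
        return encrypt_to(json.dumps(cert).encode(), ovs)

def user_request(user, os_, ps):  # step b: PVS is created at, and never leaves, the user
    ovs, pvs = gen_keypair()
    return ovs, pvs, mark(user, ovs, os_, ps)

def peer_accepts(user, ovs, sig, os_, os_cert, tc_n):  # AW2's bilateral check
    return check_mark(user, os_, os_cert, tc_n) and check_mark(user, ovs, sig, os_)
```

certify() returns None when the mark on OVS does not verify under the certified OS, so a substituted key is never certified. Because the certificate is returned encrypted to OVS, only the holder of PVS can recover it.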
Patent Claims

1. A method for generating asymmetrical cryptokeys at the user's location, in which keys are
generated, personalized, and certified at a central, particularly secure location, (Trust Center), or, in 
cooperation using secure transmission between the user and this Trust Center, at the location of the 
user, 

characterized in that 

a. first, the user is provided by the Trust Center with a previously generated, personalized, and 
certified signature key pair (PS, OS), and also components for producing one or more encryption 
key pairs (GEK), 

b. thereupon, a further user's-own encryption key pair having a public (OVS) and a secret part 
(PVS) is produced by the user, and the public part (OVS) is marked using the assigned secret part 
(PS) of the signature key and the result is transmitted to the Trust Center, 

c. thereupon, the unequivocal assignment to the user is checked by the Trust Center using the 
certified public part (OS) of the signature key pair, 

d. after a successful check of the assignment, a new certificate is produced by the Trust Center 
using at least a public part of the signature key pair (OS) or of the encryption key pair (OVS) of the 
user, and finally 

e. this certificate, encrypted using the public part of the encryption key pair (OVS) of the user, is 
transmitted by the Trust Center to the user. 

2. The method for generating asymmetrical cryptokeys at the user's location as recited in Claim 1, 
characterized in that the user, in method step a., is additionally provided with components (GDSK) 
for producing one or more signature key pairs, which, in method step b., are also produced by the 
user, and that the public part (OS2) of this self-generated signature key pair is marked by the user, 
in addition or simultaneously, using the secret part of the signature key pair (PS) received from the 
Trust Center. 

3. The method for generating asymmetrical cryptokeys at the user's location as recited in Claim 1 
and 2, 
characterized in that a user (AW1) desiring no communication whatsoever with a Trust Center, in
every bilateral communication with another user (AW2), first marks and makes available to the
latter the public part of his self-generated key pair (OVS or OS2) using the secret part of the key
pair (PS) previously relinquished, personalized, and certified by the Trust Center, whereupon the
correct assignment of this information regarding the public part (OVS or OS2) of the key pair
self-generated by the sending user (AW1) is checked by the receiving user (AW2) by verifying the
signature, and the genuineness and validity of the certificate in the Trust Center underlying this 
signature can be checked. 
Abstract of the Disclosure

2.1 In generating asymmetrical cryptokeys in the handwriting of the user, signature and encryption
keys are necessary, and in personalizing and certifying, reliable connections to a Trust Center are 
necessary. If users wish to generate their own keys, particularly cryptokeys, security problems 
arise. 

2.2 Problems of this type are reduced by a method in which the user first receives from the Trust 
Center a generated, personalized, and certified key pair as well as components for producing 
encryption pairs. The user at any time himself produces an encryption key pair, marks the public 
part of this pair using the secret signature key relinquished to him, and transmits the result to the 
Trust Center, where the result is assigned to the user using the certified public part of the signature 
key pair. 

2.3 The area of application of the invention includes all forms of asymmetrical cryptological 
methods: essentially, ATM cards/bank transactions, access controls to networks/databases, entry
controls to buildings/rooms, digital signatures, digital IDs/patient cards. 

COMBINED DECLARATION AND
POWER OF ATTORNEY FOR PATENT APPLICATION 

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below 
adjacent to my name. 

I believe I am the original, first and sole inventor (if only one name is listed 
below) or an original, first and joint inventor (if plural names are listed below) of the subject 
matter which is claimed and for which a patent is sought on the invention entitled A 
METHOD FOR GENERATING ASYMMETRICAL CRYPTOKEYS AT THE 
USER'S LOCATION, and the specification of which:

[ ] is attached hereto; 

[ ] was filed as United States Application Serial No. ________ on ________, 19__
and was amended by the Preliminary Amendment filed on ________, 19__.

[X] was filed as PCT International Application Number 
PCT/EP98/07984, on the 9th day of December, 1998. 
[X] an English translation of which is filed herewith. 
I hereby state that I have reviewed and understand the contents of the 
above-identified specification, including the claims, as amended by any amendment referred 
to above. 

I acknowledge the duty to disclose information which is material to the 
examination of this application in accordance with Title 37, Code of Federal Regulations, 
§ 1.56(a). I hereby claim foreign priority benefits under Title 35, United States Code § 119
of any foreign application(s) for patent or inventor's certificate or of any PCT international 
applications(s) designating at least one country other than the United States of America 
listed below and have also identified below any foreign application(s) for patent or 
inventor's certificate or any PCT international application(s) designating at least one country 
other than the United States of America filed by me on the same subject matter having a 
filing date before that of the application(s) of which priority is claimed:



PRIOR FOREIGN/PCT APPLICATION(S) 

AND ANY PRIORITY CLAIMS UNDER 35 U.S.C. § 119

Country : Germany 

Application No. : 198 01 241.1 

Date of Filing: January 12, 1998 

Priority Claimed 

Under 35 U.S.C. § 119 : [X] Yes [ ] No

I hereby claim the benefit under Title 35, United States Code § 120 of any United States 
Application or PCT International Application designating the United States of America that 
is/are listed below and, insofar as the subject matter of each of the claims of this application 
is not disclosed in that/those prior application(s) in the manner provided by the first 
paragraph of Title 35, United States Code § 112, I acknowledge the duty to disclose
material information as defined in Title 37, Code of Federal Regulations § 1.56(a) which 
occurred between the filing date of the prior application(s) and the national or PCT 
international filing date of this application: 

PRIOR U.S. APPLICATIONS OR 
PCT INTERNATIONAL APPLICATIONS 
DESIGNATING THE U.S. FOR BENEFIT UNDER 35 U.S.C. § 120 

U.S. APPLICATIONS 

Number : 

Filing Date : 
PCT APPLICATIONS
DESIGNATING THE U.S.



PCT Number : 
PCT Filing Date : 

I hereby appoint the following attorney(s) and/or agents to prosecute the 
above-identified application and transact all business in the Patent and Trademark Office 
connected therewith. 

(List name(s) and registration number(s)): 

Richard L. Mayer, Reg. No. 22,490

Gerard A. Messina, Reg. No. [illegible]

, Reg. No. 

, Reg. No. 

All correspondence should be sent to: 

Richard L. Mayer, Esq.
Kenyon & Kenyon
One Broadway
New York, New York 10004

Telephone No.: (212) 425-7200 
Facsimile No.: (212) 425-5288 

I hereby declare that all statements made herein of my own knowledge are 
true and that all statements made on information and belief are believed to be true and 
further that these statements were made with the knowledge that willful false statements and 
the like so made are punishable by fine or imprisonment or both under Section 1001 of Title 
18 of the United States Code and that such willful false statements may jeopardize the 
validity of the application or any patent issuing thereon. 
Full name of inventor Paul MERTES




Inventor's signature 

Citizenship Federal Republic of Germany

Residence Mertenseifer Grund 9 
D-57258 Freudenberg 
Federal Republic of Germany

Post Office Address Same as above 
Full name of inventor Werner METTKEN

Inventor's signature [illegible]    Date [illegible]

Citizenship Federal Republic of Germany 

Residence Eichenweg 9 

D-59969 Hallenberg
Federal Republic of Germany 

Post Office Address Same as above 